Security Models Summary

Project 1 Scene 1 You have just taken a position as the chief information security officer at your organization. John Williams, the chief technology officer and your new boss, stops at your office door. “I know you’re busy, but I’d like you to come by my office when you get a chance.” Excited about the prospect of something new, you grab a pen and paper and walk to John’s office. Scene 2 John says, “Thanks for coming over so quickly. I’ll get right to the point. As the CISO, I’m sure that you’re aware of the recent Office of Personnel Management breach, and the impact that this has had on our industry. John continues, “I’m sure that you also realize the heavy burden on our department to protect our organization’s assets and information. I would like to make sure that a similar situation doesn’t happen here. My first step toward preventive measures is to develop new policies and procedures that better protect our data.” John sits at his desk and begins typing while he says, “That brings me to why I asked you here. While I begin my review of current policies and procedures, I would like you to help me by drafting a custom security plan that best fits our organization.” John continues, “You should start by analyzing our security weaknesses, or vulnerabilities, then continue with reviewing existing security models and analyzing which attributes are best suited for our organization. “You will look at the pros and cons of each model, which attributes are best suited for us, and the reasoning behind your conclusions. You will need to submit your completed report to me with a drafted security plan in two weeks.” As a new employee, you realize that this is a great opportunity to show your new boss how you can make a positive contribution to your organization. You know you have enough time to complete your analysis if you start right away. Most companies and agencies implement security models to protect the confidentiality, integrity, and availability (CIA) of information and data. As security vulnerabilities and threats continue to evolve, security systems need to adapt to effectively protect data and systems. In this project, you will evaluate existing security models and their attributes and ultimately recommend a custom security plan to your assigned organization. You will also evaluate the pros and cons of implementing particular model attributes based on the type of organization and employees in relation to CIA. Upon completion of this project, you will have written a report on the importance of security models in organizations like yours and identified the vulnerabilities of your organization. This is the first of four sequential projects. There are 14 steps in this project. Begin by reviewing the project scenario, then proceed to Step 1. When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. 5.1: Define and appropriately use basic cybersecurity concepts and terminology. 6.2: Create an information security program and strategy, and maintain their alignment. 7.3: Evaluate enterprise cybersecurity policy. 9.2: Rank the vulnerabilities of a system from a disaster-management perspective. Step 1: Review Assigned Organization All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by the instructor. Familiarize yourself with the organization your instructor has assigned to you by reviewing the organization description. The descriptions include an overview and key information about the organization, as well as information about a breach or attempted breach. For the purposes of this course, you will assume this organization is your employer. You may wish to briefly research your assigned organization to gather additional information about the organization and its security posture. Step 2: Cybersecurity Background Summary In Step 1, you familiarized yourself with your assigned organization. Now it is time to write a cybersecurity overview. Write a three-page background summary that includes a general overview of cybersecurity and a section on enterprise cybersecurity.